Case Management

Case Management delivers a powerful means for collecting, distributing and analyzing data tied to specific events and incidents for more effective and efficient completion of critical tasks. This fully integrated component optimizes the analyst workflow, ensuring threats do not slip through the cracks. It also allows for conclusive end-to-end threat detection and response.

Threat Lifecycle Management graphic

Accelerate the Discovery and Qualification of Threats

  • Fully integrated Case Management throughout the analyst workflow for rapid case creation and access from any screen
  • Shorten mean-time-to-detection (MTTD) with one-click case creation and incident escalation
  • Ensure incidents are investigated, and manage analyst workload, through granular case priority, discretionary access and assigned due dates

Reduce Investigation Effort and Increase Threat Recognition

  • Reduce mean-time-to-respond (MTTR) through real-time status tracking
  • Access case details from any screen
  • Manage alarms and approve SmartResponse™ actions within the case
  • Ensure a tamper-proof audit trail through complete activity history
  • Strengthen security and segregate duties through discretionary access controls
  • Increase visibility and awareness into ongoing investigations with executive dashboards

LogRhythm’s security analytics completely changed our visibility and monitoring capabilities to laser focus our time on the alarms that matter the most.

See LogRhythm’s Security Automation and Orchestration Demo

Figure 1: Network Monitor Freemium screenshot

Watch the demo to see how LogRhythm’s security automation and orchestration accelerates threat qualification, investigation, and remediation with incident response workflow and automated playbooks.

Case Management in Action

Accurate Threat Detection and Response

Problem: During an investigation, whether prompted by an alarm or started as an ad hoc search, an analyst often performs multiple follow-up searches to understand the nature, intent and scope of suspicious activity and to determine whether the incident represents a true risk to the environment.

If not organized, the data accumulated throughout these subsequent searches may be difficult to interpret, lead to an incorrect conclusion, or result in an incident slipping through the cracks.

Solution: Cases are easily created within LogRhythm and act as a central repository of evidence tied to ongoing investigations. They can include any existing forensic data within LogRhythm, as well as external evidence such as screen captures and event data from third-party products. Case Management ensures that threats are proactively identified, prioritized based on organizational risk and rapidly investigated within the Security Intelligence Platform for streamlined incident response.

Additional LogRhythm Benefit: Any case can be shared with other collaborators, who can also add forensic evidence and annotations to expedite threat detection and response. All activity is tracked as part of the case history, providing real-time status and a tamper-proof audit trail.

Access can be restricted for any user to ensure confidentiality. Case Management enables organizations to drastically improve the maturity and efficiency of their security operations and incident response capabilities.

Case Collaboration

Problem: In addition to a centralized repository for relevant evidence, effective incident response management requires immediate insight and easy access to all aspects of the process, including case priority, working status, case contributors, case notes, forensic discovery, etc.

Solution: LogRhythm’s Case Management allows users to assign a priority to each individual case, with a one-click process to flag any incident requiring escalation. An administrator can begin the incident response management process and quickly escalate the case for immediate collaboration with designated analysts, who are given full access to all forensic data and working notes.

Additional LogRhythm Benefit: A Case Management widget delivers immediate access to all cases, including associated alarms, log evidence and notes, from any screen within the web console. Users can filter by specific incident, status, case owner and/or age for streamlined viewing, and quickly add evidence from ongoing forensics to the appropriate case.

Insights From InformationWeek News Desk

Learn more about Threat Lifecycle Management and the importance of investing in detection and response capabilities.